#WannaCry Highlights Severity of #Cyber Attacks

The infamous WannaCry ransomware has spread across 150 countries and infected more than 230,000 computers since it was launched on 12th May.

Government Releases 2017 Cyber Security Breaches Survey

Review some of the key figures from the government’s 2017 Cyber Security Breaches Survey.

Recent Cyber Security News
and Prosecutions

Read about the company that received the ICO’s highest fine for nuisance calls, an online retailer that failed to adequately protect its customers’ private information and two companies that failed to receive their customers’ consent.

WannaCry Highlights Severity of Cyber Attacks

WannaCry, a ransomware program that targets a vulnerability in outdated versions of Microsoft Windows, has spread across 150 countries and infected more than 230,000 computers since it was launched on 12th May. It disrupted many NHS hospitals in England and Scotland, infecting up to an estimated 70,000 devices, including computers, MRI scanners, blood-storage refrigerators and theatre equipment.

Microsoft was aware of this cyber security gap and, as a precaution, released a Windows security update in March. However, many users had not run the update, which allowed WannaCry to spread quickly. After the initial discovery of the ransomware program, Microsoft issued a warning to the US government concerning its data-storing practices. According to Microsoft, the tool used in the WannaCry cyber attack was developed by the US National Security Agency and was stolen by hackers.

The danger that the ransomware program poses is based partially on how invasive it is. After infecting just one computer, WannaCry can spread to every device in a network within seconds. It works by locking users out of their computers before demanding money in order to regain control of their data. Initially, WannaCry requests about £230, but, if no payment is made within three days, it then threatens to double the amount. If no payment is made within that time, the ransomware program then threatens to delete the files after seven days.

While the spread of WannaCry has appeared to slow down, many firms have hired experts to prevent new infections. Some experts recommend that you should not pay the ransom, as there is no guarantee that the hackers will return the files unharmed, if returned at all. The government’s National Cyber Security Centre recommends that you take the following precautions:

· Install and update anti-virus as well as anti-malware software on all of your organisation’s computers.

· Provide your employees with cyber security training. This should include best practices, such as how to recognise a cyber attack.

However, the most beneficial practice that your organisation can invest in is to purchase comprehensive cyber insurance to ensure that your organisation can sustain a cyber attack. For more information, contact Churchill Insurance Consultants Ltd today.

Recent Cyber Security News and Prosecutions

Record Fine for Firm Behind Nearly 100 Million Nuisance Calls

Keurboom Communications Ltd was fined £400,000, the highest fine issued by the Information Commissioner’s Office (ICO) for making nuisance calls. Over 18 months, the company made 99.5 million nuisance calls. In its investigation, the ICO found that the company hid its identity during the calls—making it difficult for people to complain—and made calls to some people without their express consent. In addition, the company and its director ignored the ICO’s seven separate information notices, which has led to the company being placed in voluntary liquidation.

Flybe, an Exeter-based airline, and Honda Motor Europe Ltd were fined a collective £83,000 for breaking the rules about how customers’ personal information should be treated when sending marketing emails. In its investigation, the ICO found that both companies had sent unwanted emails to customers that had already specified that they did not want to receive them. Both cases emphasise the importance of receiving and verifying customer consent.

Construction Materials Online Ltd was fined £55,000 after the company failed to protect its customers’ personal information. In its investigation, the ICO found that the company did not have adequate cyber protection to prevent an attack. This security gap was exploited by a cyber criminal to access 669 unencrypted cardholder details, which included names, addresses, account numbers and security codes.